PT-2022-24088 · Devolutions · Devolutions Remote Desktop Manager
Published: 2022-11-01 · Updated: 2023-07-21
CVE-2022-3781
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Devolutions Remote Desktop Manager versions 2022.2.26 and prior
Devolutions Server versions 2022.3.1 and prior
Description
The Dashlane password and KeePass Server password set in My Account Settings are stored in the database without encryption. This allows database users to read the data.
Recommendations
For Devolutions Remote Desktop Manager versions 2022.2.26 and prior, update to a version later than 2022.2.26 to ensure the passwords are properly encrypted.
For Devolutions Server versions 2022.3.1 and prior, update to a version later than 2022.3.1 to ensure the passwords are properly encrypted.
Fix
Missing Encryption of Sensitive Data
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Dashlane
Devolutions Remote Desktop Manager
Devolutions Server